Issue #13368 - Bad UrlParameterDecoder.parse() return value. (#13369)

joakime · web-flow · commit 47e1a01efd49 · 2025-07-22T07:39:12.000-05:00
* Introduce new ComplianceTest in jetty-server.
* UrlParameterDecoder.parse() had bad return value.
* UrlEncoded.decodeUtf8To() had bad return value.
* Enhancing UrlParameterDecoderTest to test for return value of parse()
* Enhancing UrlEncodedUtf8Test to also test for decodeUtf8To() return value.
diff --git a/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/ComplianceTest.java b/jetty-core/jetty-server/src/test/java/org/eclipse/jetty/server/ComplianceTest.java
@@ -0,0 +1,154 @@
+//
+// ========================================================================
+// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
+//
+// This program and the accompanying materials are made available under the
+// terms of the Eclipse Public License v. 2.0 which is available at
+// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
+// which is available at https://www.apache.org/licenses/LICENSE-2.0.
+//
+// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
+// ========================================================================
+//
+
+package org.eclipse.jetty.server;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Queue;
+import java.util.function.Consumer;
+import java.util.stream.Stream;
+
+import org.eclipse.jetty.http.ComplianceViolation;
+import org.eclipse.jetty.http.HttpTester;
+import org.eclipse.jetty.http.UriCompliance;
+import org.eclipse.jetty.io.Content;
+import org.eclipse.jetty.util.BlockingArrayQueue;
+import org.eclipse.jetty.util.Callback;
+import org.eclipse.jetty.util.Fields;
+import org.eclipse.jetty.util.component.LifeCycle;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+/**
+ * Test various {@link org.eclipse.jetty.http.ComplianceViolation} behaviors with actual requests.
+ */
+public class ComplianceTest
+{
+    private Server server;
+    private LocalConnector localConnector;
+
+    @AfterEach
+    public void stopServer()
+    {
+        LifeCycle.stop(server);
+    }
+
+    protected void startServer(Consumer<Server> serverConsumer) throws Exception
+    {
+        server = new Server();
+        localConnector = new LocalConnector(server);
+        server.addConnector(localConnector);
+
+        if (serverConsumer != null)
+            serverConsumer.accept(server);
+
+        server.start();
+    }
+
+    public static Stream<Arguments> queryComplianceCases()
+    {
+        List<Arguments> cases = new ArrayList<>();
+        for (UriCompliance compliance : List.of(UriCompliance.DEFAULT, UriCompliance.LEGACY, UriCompliance.RFC3986))
+        {
+            cases.add(Arguments.of(compliance, "query=blocked=%2F%2F%E6%84%9B%22",
+                Map.of("query", "blocked=//愛\"")));
+            cases.add(Arguments.of(compliance, "query=buster=1752874099305",
+                Map.of("query", "buster=1752874099305")));
+            cases.add(Arguments.of(compliance, "query=startup=1",
+                Map.of("query", "startup=1")));
+        }
+        return cases.stream();
+    }
+
+    @ParameterizedTest
+    @MethodSource("queryComplianceCases")
+    public void testQueryCompliance(UriCompliance compliance, String rawQuery, Map<String, String> expectedMap) throws Exception
+    {
+        Queue<ComplianceViolation.Event> events = new BlockingArrayQueue<>();
+
+        ComplianceViolation.Listener listener = new ComplianceViolation.Listener()
+        {
+            @Override
+            public void onComplianceViolation(ComplianceViolation.Event event)
+            {
+                new RuntimeException("Huh?").printStackTrace(System.err);
+                events.add(event);
+            }
+        };
+
+        startServer(server ->
+        {
+            localConnector.getContainedBeans(HttpConfiguration.class)
+                .forEach(httpConfig ->
+                {
+                    httpConfig.setUriCompliance(compliance);
+                    httpConfig.addComplianceViolationListener(listener);
+                });
+
+            server.setHandler(new Handler.Abstract()
+            {
+                @Override
+                public boolean handle(Request request, Response response, Callback callback)
+                {
+                    try
+                    {
+                        StringBuilder body = new StringBuilder();
+                        body.append("raw-path-query=").append(request.getHttpURI().getPathQuery());
+                        Fields fields = Request.getParameters(request);
+                        for (Fields.Field field : fields)
+                        {
+                            body.append("\nfield[").append(field.getName());
+                            body.append("]=").append(field.getValues());
+                        }
+                        Content.Sink.write(response, true, body.toString(), callback);
+                        return true;
+                    }
+                    catch (Exception e)
+                    {
+                        throw new RuntimeException(e);
+                    }
+                }
+            });
+        });
+
+        String rawRequest = """
+            GET /test?%s HTTP/1.1
+            Host: local
+            Connection: close
+            
+            """.formatted(rawQuery);
+
+        String rawResponse = localConnector.getResponse(rawRequest);
+        HttpTester.Response response = HttpTester.parseResponse(rawResponse);
+        assertEquals(200, response.getStatus());
+        String responseBody = response.getContent();
+        assertThat(responseBody, containsString(rawQuery));
+        expectedMap.forEach((key, value) -> assertThat(responseBody, containsString("field[%s]=[%s]".formatted(key, value))));
+
+        // Shouldn't see any compliance violation events
+        assertEquals(0, events.size(), () ->
+        {
+            StringBuilder msg = new StringBuilder();
+            events.forEach(event -> msg.append("event:").append(event).append("\n"));
+            return msg.toString();
+        });
+    }
+}
diff --git a/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/UrlEncoded.java b/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/UrlEncoded.java
@@ -368,7 +368,7 @@ public static boolean decodeUtf8To(String query, int offset, int length, BiConsu
         UrlParameterDecoder decoder = new UrlParameterDecoder(charsetStringBuilder, adder, -1, -1, allowBadUtf8, allowBadPercent, allowTruncatedUtf8);
         try
         {
-            return decoder.parse(query, offset, length);
+            return !decoder.parse(query, offset, length);
         }
         catch (IOException e)
         {
diff --git a/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/UrlParameterDecoder.java b/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/UrlParameterDecoder.java
@@ -39,6 +39,7 @@ class UrlParameterDecoder
     private String name;
     private int keyCount;
     private int charCount;
+    private boolean codingError = false;
 
     public UrlParameterDecoder(CharsetStringBuilder charsetStringBuilder, BiConsumer<String, String> newFieldAdder)
     {
@@ -152,6 +153,7 @@ public boolean parse(Reader reader) throws IOException
 
     private boolean parseCompletely(CharIterator iter) throws IOException
     {
+        codingError = false;
         int i;
         while ((i = iter.next()) >= 0)
         {
@@ -164,7 +166,7 @@ private boolean parseCompletely(CharIterator iter) throws IOException
         }
 
         complete();
-        return builder.hasCodingErrors();
+        return codingError;
     }
 
     /**
@@ -223,6 +225,7 @@ else if (!StringUtil.isEmpty(str))
                 }
                 catch (NumberFormatException e)
                 {
+                    codingError = true;
                     boolean replaced = builder.replaceIncomplete();
                     if (replaced && !allowBadEncoding || !allowBadPercent)
                         throw new IllegalArgumentException(notValidPctEncoding((char)hi, (char)lo));
@@ -273,19 +276,22 @@ private boolean handleIncompletePctEncoding(int hi)
     {
         if (builder.replaceIncomplete())
         {
+            codingError = true;
             if (!allowBadEncoding || !allowBadPercent)
                 throw new IllegalArgumentException(notValidPctEncoding((char)hi, (char)0));
             return false;
         }
         else if (allowBadPercent)
         {
+            codingError = true;
             builder.append('%');
             if (hi != -1)
                 builder.append((char)hi);
             return true;
         }
         else
         {
+            codingError = true;
             throw new IllegalArgumentException(notValidPctEncoding((char)hi, (char)0));
         }
     }
@@ -295,6 +301,9 @@ private static void decodeHexByteTo(CharsetStringBuilder buffer, char hi, char l
         buffer.append((byte)((convertHexDigit(hi) << 4) + convertHexDigit(lo)));
     }
 
+    /**
+     * Finish up any remaining character sequences.
+     */
     private void complete() throws CharacterCodingException
     {
         if (name != null)
@@ -320,22 +329,26 @@ private String takeBuiltString() throws CharacterCodingException
         if (!allowBadEncoding && !allowBadPercent && !allowTruncatedEncoding)
         {
             String result = builder.build(false);
+            codingError |= builder.hasCodingErrors();
             builder.reset();
             return result;
         }
 
-        boolean codingError = builder.hasCodingErrors();
+        codingError |= builder.hasCodingErrors();
         if (codingError && !allowBadEncoding)
         {
             return builder.build(false);
         }
 
-        if (builder.replaceIncomplete() && !allowTruncatedEncoding)
+        boolean replaced = builder.replaceIncomplete();
+        codingError |= replaced;
+        if (replaced && !allowTruncatedEncoding)
         {
             return builder.build(false);
         }
 
         String result = builder.build(true);
+        codingError |= builder.hasCodingErrors();
         builder.reset();
         return result;
     }
diff --git a/jetty-core/jetty-util/src/test/java/org/eclipse/jetty/util/UrlEncodedUtf8Test.java b/jetty-core/jetty-util/src/test/java/org/eclipse/jetty/util/UrlEncodedUtf8Test.java
@@ -24,6 +24,8 @@
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 
 public class UrlEncodedUtf8Test
 {
@@ -45,7 +47,28 @@ public class UrlEncodedUtf8Test
     public void testDecodeAllowBadSequence(String query, String expectedName, String expectedValue)
     {
         Fields fields = new Fields();
-        UrlEncoded.decodeUtf8To(query, 0, query.length(), fields::add, true, true, true);
+        boolean ret = UrlEncoded.decodeUtf8To(query, 0, query.length(), fields::add, true, true, true);
+        assertFalse(ret, "decodeUtf8To should have returned false to indicate a bad utf-8 encoded value");
+        Fields.Field field = fields.get(expectedName);
+        assertThat("Name exists", field, notNullValue());
+        assertThat("Value", field.getValue(), is(expectedValue));
+    }
+
+    @ParameterizedTest
+    @CsvSource(delimiter = '|', useHeadersInDisplayName = false,
+        textBlock = """
+            # query         | expectedName | expectedValue
+            a=good          | a            | good
+            b=go%2fod       | b            | go/od
+            c=quot%22       | c            | quot"
+            d=fo o          | d            | fo o
+            e=%25TOK%25     | e            | %TOK%
+            """)
+    public void testDecodeValid(String query, String expectedName, String expectedValue)
+    {
+        Fields fields = new Fields();
+        boolean ret = UrlEncoded.decodeUtf8To(query, 0, query.length(), fields::add, false, false, false);
+        assertTrue(ret, "decodeUtf8To should have returned true to indicate a good utf-8 encoded value");
         Fields.Field field = fields.get(expectedName);
         assertThat("Name exists", field, notNullValue());
         assertThat("Value", field.getValue(), is(expectedValue));
diff --git a/jetty-core/jetty-util/src/test/java/org/eclipse/jetty/util/UrlParameterDecoderTest.java b/jetty-core/jetty-util/src/test/java/org/eclipse/jetty/util/UrlParameterDecoderTest.java

Original file line number	Diff line number	Diff line change
`@@ -368,7 +368,7 @@ public static boolean decodeUtf8To(String query, int offset, int length, BiConsu`
`368`	`368`	`UrlParameterDecoder decoder = new UrlParameterDecoder(charsetStringBuilder, adder, -1, -1, allowBadUtf8, allowBadPercent, allowTruncatedUtf8);`
`369`	`369`	`try`
`370`	`370`	`{`
`371`		`- return decoder.parse(query, offset, length);`
	`371`	`+ return !decoder.parse(query, offset, length);`
`372`	`372`	`}`
`373`	`373`	`catch (IOException e)`
`374`	`374`	`{`
Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,7 @@ class UrlParameterDecoder`
`39`	`39`	`private String name;`
`40`	`40`	`private int keyCount;`
`41`	`41`	`private int charCount;`
	`42`	`+ private boolean codingError = false;`
`42`	`43`
`43`	`44`	`public UrlParameterDecoder(CharsetStringBuilder charsetStringBuilder, BiConsumer<String, String> newFieldAdder)`
`44`	`45`	`{`
`@@ -152,6 +153,7 @@ public boolean parse(Reader reader) throws IOException`
`152`	`153`
`153`	`154`	`private boolean parseCompletely(CharIterator iter) throws IOException`
`154`	`155`	`{`
	`156`	`+ codingError = false;`
`155`	`157`	`int i;`
`156`	`158`	`while ((i = iter.next()) >= 0)`
`157`	`159`	`{`
`@@ -164,7 +166,7 @@ private boolean parseCompletely(CharIterator iter) throws IOException`
`164`	`166`	`}`
`165`	`167`
`166`	`168`	`complete();`
`167`		`- return builder.hasCodingErrors();`
	`169`	`+ return codingError;`
`168`	`170`	`}`
`169`	`171`
`170`	`172`	`/**`
`@@ -223,6 +225,7 @@ else if (!StringUtil.isEmpty(str))`
`223`	`225`	`}`
`224`	`226`	`catch (NumberFormatException e)`
`225`	`227`	`{`
	`228`	`+ codingError = true;`
`226`	`229`	`boolean replaced = builder.replaceIncomplete();`
`227`	`230`	`if (replaced && !allowBadEncoding \|\| !allowBadPercent)`
`228`	`231`	`throw new IllegalArgumentException(notValidPctEncoding((char)hi, (char)lo));`
`@@ -273,19 +276,22 @@ private boolean handleIncompletePctEncoding(int hi)`
`273`	`276`	`{`
`274`	`277`	`if (builder.replaceIncomplete())`
`275`	`278`	`{`
	`279`	`+ codingError = true;`
`276`	`280`	`if (!allowBadEncoding \|\| !allowBadPercent)`
`277`	`281`	`throw new IllegalArgumentException(notValidPctEncoding((char)hi, (char)0));`
`278`	`282`	`return false;`
`279`	`283`	`}`
`280`	`284`	`else if (allowBadPercent)`
`281`	`285`	`{`
	`286`	`+ codingError = true;`
`282`	`287`	`builder.append('%');`
`283`	`288`	`if (hi != -1)`
`284`	`289`	`builder.append((char)hi);`
`285`	`290`	`return true;`
`286`	`291`	`}`
`287`	`292`	`else`
`288`	`293`	`{`
	`294`	`+ codingError = true;`
`289`	`295`	`throw new IllegalArgumentException(notValidPctEncoding((char)hi, (char)0));`
`290`	`296`	`}`
`291`	`297`	`}`
`@@ -295,6 +301,9 @@ private static void decodeHexByteTo(CharsetStringBuilder buffer, char hi, char l`
`295`	`301`	`buffer.append((byte)((convertHexDigit(hi) << 4) + convertHexDigit(lo)));`
`296`	`302`	`}`
`297`	`303`
	`304`	`+ /**`
	`305`	`+ * Finish up any remaining character sequences.`
	`306`	`+ */`
`298`	`307`	`private void complete() throws CharacterCodingException`
`299`	`308`	`{`
`300`	`309`	`if (name != null)`
`@@ -320,22 +329,26 @@ private String takeBuiltString() throws CharacterCodingException`
`320`	`329`	`if (!allowBadEncoding && !allowBadPercent && !allowTruncatedEncoding)`
`321`	`330`	`{`
`322`	`331`	`String result = builder.build(false);`
	`332`	`+ codingError \|= builder.hasCodingErrors();`
`323`	`333`	`builder.reset();`
`324`	`334`	`return result;`
`325`	`335`	`}`
`326`	`336`
`327`		`- boolean codingError = builder.hasCodingErrors();`
	`337`	`+ codingError \|= builder.hasCodingErrors();`
`328`	`338`	`if (codingError && !allowBadEncoding)`
`329`	`339`	`{`
`330`	`340`	`return builder.build(false);`
`331`	`341`	`}`
`332`	`342`
`333`		`- if (builder.replaceIncomplete() && !allowTruncatedEncoding)`
	`343`	`+ boolean replaced = builder.replaceIncomplete();`
	`344`	`+ codingError \|= replaced;`
	`345`	`+ if (replaced && !allowTruncatedEncoding)`
`334`	`346`	`{`
`335`	`347`	`return builder.build(false);`
`336`	`348`	`}`
`337`	`349`
`338`	`350`	`String result = builder.build(true);`
	`351`	`+ codingError \|= builder.hasCodingErrors();`
`339`	`352`	`builder.reset();`
`340`	`353`	`return result;`
`341`	`354`	`}`